[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009
From: Thierry Zoller <Thierry@xxxxxxxxx>
Date: Sat, 16 May 2009 01:21:43 +0200

FYI: IIS7 + Webdav seems not to be affected
I can't stress enough that this is not a simple auth bypass only -
You can _upload_ arbritary data to the server.

http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html



-- 
http://blog.zoller.lu
Thierry Zoller

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] IIS6 + webdav and unicode rides again in 2009
  - From: Kingcope

Prev by Date: [Full-disclosure] iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Multiple Spreadsheet Buffer Overflow Vulnerabilities
Next by Date: [Full-disclosure] WinAppDbg module v1.1 is out!
Previous by thread: Re: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009
Next by thread: Re: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009
Index(es):
- Date
- Thread